
All Articles

Safeguarding Cloud Computing One Step at a Time

Blog Published: 10/17/2013

By Manoj Tripathi, PROS. There’ve been a lot of conversations around the concept of “the cloud.” Cloud storage and cloud computing continue to emerge as significant technology and business enablers for organizations. In many cases, cloud computing is a preferred option – it’s fast to set up and ...

Patching the Perpetual MD5 Vulnerability

Blog Published: 10/18/2013

October 17, 2013. By Gavin Hill, Director, Product Marketing & Threat Research Center at Venafi. Earlier this month, Microsoft updated the security advisory that deprecates the use of MD5 hash algorithms for certificates issued by certification authorities (CA) in the Microsoft root certificat...

SSH – Does Your “Cloud Neighbor” Have an Open Backdoor to Your Cloud App?

Blog Published: 10/30/2013

October 22, 2013. By Gavin Hill, Director, Product Marketing & Threat Research Center at Venafi. Secure Shell (SSH) is the de facto protocol used by millions to authenticate to workloads running in the cloud and transfer data securely. Even more SSH sessions are established automatically betwe...

A New Business Case for “Why IT Matters” in the Cloud Era

Blog Published: 10/30/2013

October 23rd, 2013. Author: Kamal Shah @kdshah. Knowledge workers know that cloud services make our work lives easier, drive business agility and increase productivity. For instance, when colleagues need to share a file that’s too large to attach to an email message, they simply toss it into a ...

What should cloud enabled data security protections look like in the future?

Blog Published: 11/18/2013

While listening to one of my favorite podcasts about two months ago, I heard a quote from a man named William Gibson that really resonated with me. He said, "The future is here already, it's just not evenly distributed". As I was driving along continuing to listen, it really started the synaps...

Thoughts and key takeaway: Cloud Security Alliance CEE summit

Blog Published: 11/18/2013

The Cloud Security Alliance Central Eastern Europe Summit gave a good opportunity to learn about the Cloud Computing market in areas of Europe that are less reviewed. The congress, held in the center of the old city of Ljubljana, provided an interesting mixture of Information Security professiona...

Protecting Your Company from Backdoor Attacks – What You Need to Know

Blog Published: 11/20/2013

November 14th, 2013. By Sekhar Sarukkai. “We often get in quicker by the back door than the front” — Napoleon Bonaparte. A rare example of a backdoor planted in a core industry security standard has recently come to light. It is now widely believed that the NSA compromised trust in NIST’s encry...

Cloud Collaboration: Maintaining Zero Knowledge across International Boundaries

Blog Published: 11/20/2013

The increasingly global nature of business requires companies to collaborate more and more across borders, exchanging all manner of documents: contracts, engineering documents and other intellectual property, customer lists, marketing programs and materials, and so on. Unfortunately, the combi...

Seeing Through the Clouds

Blog Published: 11/20/2013

By TK Keanini, CTO, Lancope. The economics of cyber-attacks have changed over the years. Fifteen years ago, it was all about network penetration, but today advanced attackers are more concerned about being detected. Similarly, good bank robbers are concerned about breaking into the bank, but gre...

How Snowden Breached the NSA

Blog Published: 11/20/2013

November 12th, 2013. By Kevin Bocek. How Edward Snowden did it and is your enterprise next? There’s one secret that’s still lurking at the NSA: How did Edward Snowden breach the world’s most sophisticated IT security organization? This secret has as much to do with the NSA as it does with you...

Announcing the Consensus Assessments Initiative Questionnaire (CAIQ) V.3 Open Review Period

Blog Published: 12/03/2013

At CSA Congress 2013 this week we are announcing the open review period of the Consensus Assessments Initiative Questionnaire (CAIQ) v.3 and we hope you will take a few moments and provide your input to this very important initiative. Lack of security control transparency is a leading inhibit...

Introducing the CSA’s New Virtualization Working Group

Blog Published: 12/03/2013

There’s been a lot of noise around the establishment of new working groups at this year’s Congress and today we’d like to also introduce another important addition: the Virtualization Working Group. Chaired by Kapil Raina of Zscaler, the Virtualization Working Group is chartered to lead resear...

Introducing the CSA’s Anti-Bot Working Group

Blog Published: 12/04/2013

Among the many exciting new working groups being established and meeting at CSA Congress, today we’d like to also introduce our Anti-Bot Working Group. Chaired by Shelbi Rombout from USBank, this group’s mission is to develop and maintain a research portfolio providing capabilities to assist t...

Introducing the CSA Financial Services Working Group

Blog Published: 12/04/2013

At our annual CSA Congress today, the CSA is pleased to introduce the new Financial Services Working Group (FSWG), which aims to provide knowledge and guidance on how to deliver and manage secure cloud solutions in the financial industry, and to foster cloud awareness within the sector and rel...

CloudTrust Protocol (CTP) Working Group Kicks Off at CSA Congress

Blog Published: 12/06/2013

The Cloud Trust Protocol (CTP) aims to provide a protocol to enable Cloud Users to query Cloud Providers in real time about the security level of their service. It aims to foster transparency and trust in the cloud supply chain, bringing greater visibility to cloud users and providing them wit...

What’s New With the Security as a Service Working Group?

Blog Published: 12/09/2013

CSA members are invited to join the Security-as-a-Service Working Group (SecaaS WG) which aims to promote greater clarity in the Security as a Service model. Why a Security as a Service Working Group? Numerous security vendors are now leveraging cloud based models to deliver security solutio...

Evolution of Distributed Policy Enforcement in the Cloud

Blog Published: 12/10/2013

By Krishna Narayanaswamy, chief scientist at Netskope. As computing shifts to the cloud, so too must the way we enforce policy. Until recently, enterprise applications were hosted in private data centers under the strict control of centralized IT. Between firewalls and intrusion prevention system...

Why Higher Education Institutions Need Cloud-Based Identity Providers

Blog Published: 01/09/2014

By Dan Dagnall, Chief Technology Strategist for Fischer International Identity. Federation is definitely a hot topic these days, with NSTIC attempting to create an identity ecosystem, InCommon continuing to build its service-provider federation, and state-level initiatives gearing up (some are al...

Why companies are adopting more cloud based IT security solutions

Blog Published: 01/09/2014

We have entered the age of pervasive connectivity.  Regardless of whether we are at home, in the office, or on the road, most of us are almost always connected. This trend is blurring the lines between work time and leisure time, with the same devices used for both contexts interchangea...

Health Checking for Cloud Performance

Blog Published: 01/15/2014

Steve Malmskog has more than 15 years of experience as a chief network architect. In this best practices video, Steve provides an in-depth look at information you can gather about the health of nodes based on the traffic itself through in-band health checking vs. out-of-band checking which can ...
